SIP protocol abused to trigger XSS attacks via VoIP call monitoring software
SIP devices could become unwitting access points for remote attacks on critical systems.
https://portswigger.net/daily-swig/sip-protocol-abused-to-trigger-xss-attacks-via-voip-call-monitoring-software
SIP devices could become unwitting access points for remote attacks on critical systems.
https://portswigger.net/daily-swig/sip-protocol-abused-to-trigger-xss-attacks-via-voip-call-monitoring-software
The Daily Swig | Cybersecurity news and views
SIP protocol abused to trigger XSS attacks via VoIP call monitoring software
SIP devices could become unwitting access points for remote attacks on critical systems
CVE-2021–22201: Arbitrary file read on Gitlab
https://tradahacking.vn/cve-2021-22201-arbitrary-file-read-on-gitlab-d84d77cd83e3
https://tradahacking.vn/cve-2021-22201-arbitrary-file-read-on-gitlab-d84d77cd83e3
Are Virtual Machines the New Gold for Cyber Criminals? https://www.mcafee.com/blogs/other-blogs/mcafee-labs/are-virtual-machines-the-new-gold-for-cyber-criminals/
McAfee Blog
Are Virtual Machines the New Gold for Cyber Criminals? | McAfee Blog
Introduction Virtualization technology has been an IT cornerstone for organization for years now. It revolutionized the way organizations can scale up IT
The Cyber Swiss Army Knife.
CyberChef is a simple, intuitive web app for carrying out all manner of "cyber" operations within a web browser. These operations include simple encoding like XOR or Base64, more complex encryption like AES, DES and Blowfish, creating binary and hexdumps, compression and decompression of data, calculating hashes and checksums, IPv6 and X.509 parsing, changing character encodings, and much more.
The tool is designed to enable both technical and non-technical analysts to manipulate data in complex ways without having to deal with complex tools or algorithms. It was conceived, designed, built and incrementally improved by an analyst in their 10% innovation time over several years.
https://github.com/gchq/CyberChef
CyberChef is a simple, intuitive web app for carrying out all manner of "cyber" operations within a web browser. These operations include simple encoding like XOR or Base64, more complex encryption like AES, DES and Blowfish, creating binary and hexdumps, compression and decompression of data, calculating hashes and checksums, IPv6 and X.509 parsing, changing character encodings, and much more.
The tool is designed to enable both technical and non-technical analysts to manipulate data in complex ways without having to deal with complex tools or algorithms. It was conceived, designed, built and incrementally improved by an analyst in their 10% innovation time over several years.
https://github.com/gchq/CyberChef
GitHub
GitHub - gchq/CyberChef: The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis
The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis - gchq/CyberChef
Microsoft SharePoint Server Remote Code Execution Vulnerability
In a network-based attack, an authenticated attacker can gain access to create a site and could execute code remotely within the Sharepoint Server.
Security updates:
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-28474
In a network-based attack, an authenticated attacker can gain access to create a site and could execute code remotely within the Sharepoint Server.
Security updates:
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-28474